Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
Critical

Authentication Bypass in Dell Storage Manager Data Collector ApiProxy

IdentifiersCVE-2025-43995CWE-287· Improper Authentication

CVE-2025-43995 is an improper authentication vulnerability in Dell Storage Manager affecting the Data Collector component. The flaw is described in APIs exposed by ApiProxy.war within DataCollectorEar.ear, where the application accepts a special SessionKey and UserId associated with internal service accounts created in compellentservicesapi. Because these values are insufficiently validated, an unauthenticated remote attacker can submit crafted requests that are treated as authenticated internal-service traffic, bypassing normal authentication controls and reaching protected management APIs.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows an unauthenticated remote attacker to bypass authentication and obtain privileged access to Dell Storage Manager management APIs. This can enable privileged actions against the storage infrastructure managed by the affected instance, potentially including access to sensitive management data and administrative operations across managed storage arrays. The vulnerability is described as resulting in protection mechanism bypass and privileged API access.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure of the Dell Storage Manager Data Collector and its ApiProxy.war interface by restricting network access to trusted administrative hosts only, blocking unneeded remote access paths, and isolating the management plane from untrusted networks. Monitor for unexpected requests to Data Collector APIs, especially those presenting anomalous SessionKey or UserId values tied to internal service identities. Because the flaw is unauthenticated and remotely reachable where the interface is exposed, minimizing network reachability is the primary interim mitigation.

Remediation

Patch, then assume compromise.

Dell has published a fix via security advisory DSA-2025-393. The provided content indicates that Dell Storage Manager should be upgraded to a remediated release, with advisory material referencing 2020 R1.22 or later as the remediated version. Apply the vendor update from Dell Support and verify the Data Collector component is updated to the fixed build. Back up critical data before performing the upgrade, consistent with the vendor guidance cited in the content.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
Dell TechnologiesDell Storage Managerapplication
Dell TechnologiesStorage Managerapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

12 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

12 SOURCESView more in app
eclypsium blogNews
Oct 29, 2025
BTS #63 - F5 Breach, Linux Malware, and Hacking Banks

A missing authentication for critical functions vulnerability in Dell Storage Manager, potentially allowing attackers to access sensitive endpoints without authentication.

Read more
zeropath blogNews
Oct 24, 2025
Dell Storage Manager CVE-2025-43995: Brief Summary of Critical Improper Authentication Vulnerability - ZeroPath Blog | ZeroPath

An improper authentication vulnerability in Dell Storage Manager that allows unauthenticated remote attackers to bypass authentication and gain privileged access to storage management APIs via specially crafted SessionKey and UserId values in the Data Collector component.

Read more
zeropath blogNews
Oct 24, 2025
Dell Storage Manager CVE-2025-43994: Brief Summary of Missing Authentication Vulnerability - ZeroPath Blog | ZeroPath

An improper authentication vulnerability in the DataCollectorEar.ear component of Dell Storage Manager 20.1.21 that allows attackers to access APIs using special SessionKey and UserId values.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures1

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity8

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2025-43995
NVD
nvd.nist.gov/vuln/detail/CVE-2025-43995
MITRE CWE · CWE-287
Improper Authentication
Vendor Advisory
dell.com/support/kbdoc/en-us/000382899/dsa-2025-393-security-update-for-storage-center-dell-storage-manager-vulnerabilities